---
title: "FreeBSD/alpha 4.5-RELEASE Release Notes"
sidenav: download
---

++++


        <h3 class="CORPAUTHOR">The FreeBSD Project</h3>

        <p class="COPYRIGHT">Copyright &copy; 2000, 2001, 2002 by
        The FreeBSD Documentation Project</p>

        <p class="PUBDATE">$FreeBSD:
        src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v
        1.22.2.191.2.1 2002/01/25 20:58:19 bmah Exp $<br>
        </p>

        <div>
          <div class="ABSTRACT">
            <a name="AEN11"></a>

            <p>The release notes for FreeBSD 4.5-RELEASE contain a
            summary of the changes made in the FreeBSD base system
            since 4.4-RELEASE. Both changes for kernel and userland
            are listed, as well as applicable security advisories
            for the base system that were issued since the last
            release. Some brief remarks on upgrading are also
            presented.</p>
          </div>
        </div>
        <hr>
      </div>

      <div class="TOC">
        <dl>
          <dt><b>Table of Contents</b></dt>

          <dt>1 <a href="#AEN13">Introduction</a></dt>

          <dt>2 <a href="#AEN21">What's New</a></dt>

          <dd>
            <dl>
              <dt>2.1 <a href="#KERNEL">Kernel Changes</a></dt>

              <dd>
                <dl>
                  <dt>2.1.1 <a href="#AEN74">Processor/Motherboard
                  Support</a></dt>

                  <dt>2.1.2 <a href="#AEN77">Boot Loaders</a></dt>

                  <dt>2.1.3 <a href="#AEN93">Network Interface
                  Support</a></dt>

                  <dt>2.1.4 <a href="#AEN189">Network
                  Protocols</a></dt>

                  <dt>2.1.5 <a href="#AEN222">Disks and
                  Storage</a></dt>

                  <dt>2.1.6 <a href="#AEN250">Filesystems</a></dt>

                  <dt>2.1.7 <a href="#AEN262">PCCARD
                  Support</a></dt>

                  <dt>2.1.8 <a href="#AEN268">Multimedia
                  Support</a></dt>

                  <dt>2.1.9 <a href="#AEN274">Contributed
                  Software</a></dt>
                </dl>
              </dd>

              <dt>2.2 <a href="#SECURITY">Security-Related
              Changes</a></dt>

              <dt>2.3 <a href="#USERLAND">Userland Changes</a></dt>

              <dd>
                <dl>
                  <dt>2.3.1 <a href="#AEN597">Contributed
                  Software</a></dt>

                  <dt>2.3.2 <a href="#AEN677">Ports/Packages
                  Collection</a></dt>
                </dl>
              </dd>
            </dl>
          </dd>

          <dt>3 <a href="#AEN698">Upgrading from previous releases
          of FreeBSD</a></dt>
        </dl>
      </div>

      <div class="SECT1">
        <hr>

        <h1 class="SECT1"><a name="AEN13">1 Introduction</a></h1>

        <p>This document contains the release notes for FreeBSD
        4.5-RELEASE on the Alpha/AXP hardware platform. It
        describes new features of FreeBSD that have been added (or
        changed) since 4.4-RELEASE. It also provides some notes on
        upgrading from previous versions of FreeBSD.</p>

        <p>This distribution of FreeBSD 4.5-RELEASE is a release
        distribution. It can be found at <a href=
        "ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/" target=
        "_top">ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/</a> or
        any of its mirrors. More information on obtaining this (or
        other) release distributions of FreeBSD can be found in the
        <a href="http://www.FreeBSD.org/handbook/mirrors.html"
        target="_top">``Obtaining FreeBSD''</a> appendix in the <a
        href="http://www.FreeBSD.org/handbook/" target=
        "_top">FreeBSD Handbook</a>.</p>
      </div>

      <div class="SECT1">
        <hr>

        <h1 class="SECT1"><a name="AEN21">2 What's New</a></h1>

        <p>This section describes the most user-visible new or
        changed features in FreeBSD since 4.4-RELEASE. Typical
        release note items document new drivers or hardware
        support, new commands or options, major bugfixes, or
        contributed software upgrades. Security advisories for the
        base system that were issued after 4.4-RELEASE are also
        listed.</p>

        <p>Many additional changes were made to FreeBSD that are
        not listed here for lack of space. For example,
        documentation was corrected and improved, minor bugs were
        fixed, insecure coding practices were audited and
        corrected, and source code was cleaned up.</p>

        <div class="SECT2">
          <hr>

          <h2 class="SECT2"><a name="KERNEL">2.1 Kernel
          Changes</a></h2>

          <p>The <tt class="VARNAME">kern.maxvnodes</tt> limit now
          properly limits the number of vnodes in use. Previously
          only vnodes with no cached pages could be freed; this
          could allow the number of vnodes to grow without limit on
          large-memory machines accessing many small files. A <tt
          class="LITERAL">vnlru</tt> kernel thread helps to flush
          and reuse vnodes.</p>

          <p>Linux emulation now supports the kernel functionality
          required by the <a href=
          "http://www.FreeBSD.org/cgi/url.cgi?ports/emulators/linux_base-7/pkg-descr">
          <tt class="PORT">emulators/linux_base-7</tt></a> (RedHat
          7.X emulation) port.</p>

          <p>A <tt class="VARNAME">MAXMEM</tt> kernel option, along
          with the <tt class="VARNAME">hw.physmem</tt> loader
          tunable, can be used to artificially reduce the memory
          size of a machine for testing (or other purposes).</p>

          <p>The kernel configuration parameters <tt class=
          "VARNAME">MAXTSIZ</tt>, <tt class="VARNAME">DFLDSIZ</tt>,
          <tt class="VARNAME">MAXDSIZ</tt>, <tt class=
          "VARNAME">DFLSSIZ</tt>, <tt class="VARNAME">MAXSSIZ</tt>,
          and <tt class="VARNAME">SGROWSIZ</tt> are all loader
          tunables (<tt class="VARNAME">kern.maxtsiz</tt>, <tt
          class="VARNAME">kern.maxdfldsiz</tt>, etc.).</p>

          <p>Specifying a value of <tt class="LITERAL">0</tt> for
          the <tt class="VARNAME">maxusers</tt> kernel
          configuration parameter will now cause an appropriate
          value to be calculated at boot-time (between 32 and 384,
          depending on the amount of memory present). This value is
          now the default for all <tt class="FILENAME">GENERIC</tt>
          kernels.</p>

          <p>The console driver has gained support for TGA-based
          display adapters.</p>

          <p>Coredumps of large processes (or of a large number of
          processes) no longer lock up the machine for long periods
          of time.</p>

          <p>The system load average computation now adds some
          jitter to the timing of samples, in order to avoid
          synchronization with processes that run periodically.</p>

          <p>If a debugging kernel with modules is being built
          (i.e. using <tt class="LITERAL">makeoptions
          DEBUG=-g</tt>), the modules will now be built with
          debugging support as well, for completeness. A side
          effect of this change is that modules built and installed
          with debugging kernels will now occupy more space on disk
          than they did previously.</p>

          <p>Compaq Tru64 and FreeBSD keep the year in the TOY
          clock chip in different formats. Compaq Tru64 uses a
          year-value that is 52 years higher than FreeBSD. In order
          to allow dual booting of an Alpha machine without
          clobbering the TOY clock setting, FreeBSD now supports a
          boot environment variable <tt class=
          "VARNAME">clock_compat_osf1</tt> to use Tru64's year
          values. By setting this variable to <tt class=
          "LITERAL">1</tt> from the <tt class="LITERAL">ok</tt>
          prompt of the loader or by putting <tt class=
          "LITERAL">clock_compat_osf1=1</tt> in <tt class=
          "FILENAME">/boot/loader.conf</tt>, an Alpha can be dual
          booted without ``time warps''.</p>

          <p>The kernel on the installation CDs is now separated
          from the <tt class="FILENAME">mfsroot</tt> image. This
          provides more flexibility when building custom FreeBSD
          distributions.</p>

          <div class="SECT3">
            <hr>

            <h3 class="SECT3"><a name="AEN74">2.1.1
            Processor/Motherboard Support</a></h3>

            <p>The machine dependent code has been corrected to
            allow FreeBSD to run on Alphaserver 2100 and 2100A
            machines based on EV5 Alpha processors. Machines with
            EV4 Alpha processors were already supported.</p>
          </div>

          <div class="SECT3">
            <hr>

            <h3 class="SECT3"><a name="AEN77">2.1.2 Boot
            Loaders</a></h3>

            <p>The FreeBSD boot loader is now capable of booting
            from filesystems with block sizes larger than 8K.</p>
          </div>

          <div class="SECT3">
            <hr>

            <h3 class="SECT3"><a name="AEN93">2.1.3 Network
            Interface Support</a></h3>

            <p>The <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=an&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">an</span>(4)</span></a> driver now
            supports ``monitor'' mode, settable via the <tt class=
            "OPTION">-M</tt> option to <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=ancontrol&sektion=8&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">ancontrol</span>(8)</span></a>.</p>

            <p>The <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=dc&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">dc</span>(4)</span></a> driver now
            supports NICs based on the Conexant LANfinity RS7112
            chip.</p>

            <p>The <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=de&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">de</span>(4)</span></a> driver now
            performs round-robin arbitration between the transmit
            and receive units of the 21143, instead of giving
            priority to the receive unit. This gives a 10-15%
            performance improvement in the forwarding rate under
            heavy load.</p>

            <p>The dgm driver has been updated from FreeBSD
            -CURRENT.</p>

            <p>The <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=faith&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">faith</span>(4)</span></a> device is
            now loadable, unloadable, and clonable.</p>

            <p>The <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=fxp&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">fxp</span>(4)</span></a> driver now
            supports Intel's loadable microcode to implement
            receive-side interrupt coalescing and packet bundling,
            on NICs that support these features. This support can
            be activated by the use of the <tt class=
            "OPTION">link0</tt> option to <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=ifconfig&sektion=8&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">ifconfig</span>(8)</span></a>.</p>

            <p>The <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=gx&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">gx</span>(4)</span></a> driver has been
            added to support NICs based on the Intel 82542 and
            82543 Gigabit Ethernet controller chips. Both fiber and
            copper variants of the cards are supported. Both boards
            support VLAN tagging/insertion, and the 82543
            additionally supports TCP/IP checksum offload.</p>

            <p>The <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=sis&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">sis</span>(4)</span></a> driver now
            supports the SiS 900-style on-board Ethernet
            controllers in the SiS 635 and 735 motherboard
            chipsets.</p>

            <p>The <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=sis&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">sis</span>(4)</span></a> driver now
            supports VLANs.</p>

            <p><a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=vlan&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">vlan</span>(4)</span></a> devices are
            now loadable, unloadable, and clonable.</p>

            <p>The <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=wx&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">wx</span>(4)</span></a> driver is now
            deprecated; it is now officially unmaintained. Users
            with Intel Pro/1000 Gigabit Ethernet interfaces should
            use either the <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=em&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">em</span>(4)</span></a> driver or the
            <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=gx&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">gx</span>(4)</span></a> driver. (The <a
            href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=em&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">em</span>(4)</span></a> driver is
            supported by Intel, but only works on the i386
            architecture. The <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=gx&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">gx</span>(4)</span></a> driver was
            developed by the FreeBSD Project, and is
            multi-platform.)</p>

            <p>The <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=xl&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">xl</span>(4)</span></a> driver now
            supports send- and receive-side TCP/IP checksum
            offloading for NICs implementing this feature, such as
            the 3C905B, 3C905C, and 3C980C.</p>

            <p>A bug in the <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=xl&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">xl</span>(4)</span></a> driver, related
            to statistics overflow interrupt handling, was causing
            slowdowns at medium to high packet rates; this has been
            fixed.</p>

            <p>The per-interface <tt class="VARNAME">ifnet</tt>
            structure now has the ability to indicate a set of
            capabilities supported by a network interface, and
            which ones are enabled. <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=ifconfig&sektion=8&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">ifconfig</span>(8)</span></a> has
            support for querying these capabilities.</p>

            <p>Performance with hosts having a large number of IP
            aliases has been improved, by replacing the
            per-interface <tt class="VARNAME">if_inaddr</tt> linear
            list with a hash table.</p>
          </div>

          <div class="SECT3">
            <hr>

            <h3 class="SECT3"><a name="AEN189">2.1.4 Network
            Protocols</a></h3>

            <p>The read timeout feature of <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=bpf&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">bpf</span>(4)</span></a> now works more
            correctly with <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=select&sektion=2&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">select</span>(2)</span></a>/<a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=poll&sektion=2&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">poll</span>(2)</span></a>, and
            therefore with pthreads.</p>

            <p><a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=bridge&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">bridge</span>(4)</span></a> and <a
            href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=dummynet&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">dummynet</span>(4)</span></a> have
            received some enhancements and bug fixes, and are now
            loadable modules.</p>

            <p>A bug in the TCP NewReno implementation, which could
            cause degraded throughput under certain circumstances,
            has been fixed.</p>

            <p>TCP's default buffer sizes, controlled by the <tt
            class="VARNAME">net.inet.tcp.sendspace</tt> and <tt
            class="VARNAME">net.inet.tcp.recvspace</tt> sysctl
            variables, have been increased to 32K and 64K
            respectively. Previously, the default for both buffer
            sizes was 16K. To try to avoid increasing congestion,
            the default value for <tt class=
            "VARNAME">net.inet.tcp.local_slowstart_flightsize</tt>
            has been changed from infinity to 4.</p>

            <div class="NOTE">
              <blockquote class="NOTE">
                <p><b>Note:</b> On busy hosts, the new larger
                buffer sizes may require manually increasing the
                <tt class="VARNAME">NMBCLUSTERS</tt> parameter,
                either in the kernel configuration file or via the
                <tt class="VARNAME">kern.ipc.nmbclusters</tt>
                loader tunable. <tt class="COMMAND">netstat
                -mb</tt> can be used to monitor the state of mbuf
                clusters.</p>
              </blockquote>
            </div>
            <br>
            <br>

            <p>A bug in the TCP implementation, which could cause
            connections to stall if a sender saw a zero-sized
            window, has been corrected.</p>

            <p>The TCP implementation in FreeBSD now implements a
            cache of outstanding, received SYN segments. Incoming
            SYN segments now cause entries to be placed in the
            cache until the TCP three-way handshake is complete, at
            which point, memory is allocated for the connection as
            usual. In addition, all TCP Initial Sequence Numbers
            (ISNs) are used as cookies, allowing entries in the
            cache to be dropped, but still have their corresponding
            ACKs accepted later. The combination of the so-called
            ``syncache'' and ``syncookies'' features makes a host
            much more resistant to TCP-based Denial of Service
            attacks. Work on this feature was sponsored by DARPA
            and NAI Labs.</p>
          </div>

          <div class="SECT3">
            <hr>

            <h3 class="SECT3"><a name="AEN222">2.1.5 Disks and
            Storage</a></h3>

            <p>The <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=ata&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">ata</span>(4)</span></a> driver now
            supports a wider variety of chipsets, as listed in the
            Hardware Notes.</p>

            <p>The <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=ata&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">ata</span>(4)</span></a> driver now has
            support for 48-bit addressing. Devices larger than
            137GB are now supported.</p>

            <p>The <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=ata&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">ata</span>(4)</span></a> driver now
            contains fixes for some data corruption problems on
            systems using the VIA 82C686B Southbridge chip.</p>

            <p>Floppy access on the Alphaserver DS10 and DS20 is
            broken. Use results in corrupted floppies and/or
            machine crashes.</p>

            <p>The <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=isp&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">isp</span>(4)</span></a> driver now
            supports the Qlogic 2300 and 2312 Optical Fibre Channel
            PCI cards.</p>
          </div>

          <div class="SECT3">
            <hr>

            <h3 class="SECT3"><a name="AEN250">2.1.6
            Filesystems</a></h3>

            <p>The directory layout preference algorithm for FFS
            (<tt class="LITERAL">dirprefs</tt>) has been changed.
            Rather than scattering directory blocks across a disk,
            it attempts to group related directory blocks together.
            Operations traversing large directory hierarchies, such
            as the FreeBSD Ports tree, have shown marked speedups.
            This change is transparent and automatic for new
            directories.</p>

            <p>The virtual memory subsystem now backs UFS directory
            memory requirements by default (this behavior is
            controlled via the <tt class=
            "VARNAME">vfs.vmiodirenable</tt> sysctl variable).</p>

            <p>A bug that prevented the root filesystem from being
            mounted from a SCSI CDROM has been fixed (ATAPI CDROMs
            were always supported).</p>

            <p>The <tt class="LITERAL">UFS_DIRHASH</tt> hash-based
            lookup optimization for large directories is now
            enabled by default in the <tt class=
            "FILENAME">GENERIC</tt> kernel.</p>

            <p>A number of bugs in the filesystem code, discovered
            through the use of the <b class="APPLICATION">fsx</b>
            filesystem test tool, have been fixed. Under certain
            circumstances (primarily related to use of NFS), these
            bugs could cause data corruption or kernel panics.</p>
          </div>

          <div class="SECT3">
            <hr>

            <h3 class="SECT3"><a name="AEN262">2.1.7 PCCARD
            Support</a></h3>
          </div>

          <div class="SECT3">
            <hr>

            <h3 class="SECT3"><a name="AEN268">2.1.8 Multimedia
            Support</a></h3>

            <p>The <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=urio&sektion=4&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">urio</span>(4)</span></a> driver, for
            the Diamond Rio series of MP3 players, has been added.
            (For some reason, a manual page for this driver was
            committed to FreeBSD 4.3-RELEASE.)</p>
          </div>

          <div class="SECT3">
            <hr>

            <h3 class="SECT3"><a name="AEN274">2.1.9 Contributed
            Software</a></h3>

            <p><b class="APPLICATION">IPFilter</b> now supports
            IPv6.</p>
          </div>
        </div>

        <div class="SECT2">
          <hr>

          <h2 class="SECT2"><a name="SECURITY">2.2 Security-Related
          Changes</a></h2>

          <p>Per-user <tt class="FILENAME">~/.login.conf</tt> files
          were disabled in FreeBSD 4.4-RELEASE to avoid a security
          hole caused by a bug. The bug was fixed and this feature
          has been re-enabled.</p>

          <p>A security hole in <b class="APPLICATION">OpenSSH</b>,
          which could allow users to execute code with arbitrary
          privileges if <tt class="LITERAL">UseLogin yes</tt> was
          set, has been closed. Note that the default value of this
          setting is <tt class="LITERAL">UseLogin no</tt>. (See
          security advisory <a href=
          "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:63.openssh.asc"
           target="_top">FreeBSD-SA-01:63</a>.)</p>

          <p>The use of an insecure temporary directory by <a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=pkg_add&sektion=1&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">pkg_add</span>(1)</span></a> could permit
          a local attacker to modify the contents of binary
          packages while they were being installed. This hole has
          been closed. (See security advisory <a href=
          "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:01.pkg_add.asc"
           target="_top">FreeBSD-SA-02:01</a>.)</p>

          <p>A race condition in <a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=pw&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">pw</span>(8)</span></a>, which could
          expose the contents of <tt class=
          "FILENAME">/etc/master.passwd</tt>, has been eliminated.
          (See security advisory <a href=
          "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:02.pw.asc"
           target="_top">FreeBSD-SA-02:02</a>.)</p>

          <p>A bug in <a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=k5su&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">k5su</span>(8)</span></a> could have
          allowed a process that had given up superuser privileges
          to regain them. This bug has been fixed. (See security
          advisory <a href=
          "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc"
           target="_top">FreeBSD-SA-02:07</a>.)</p>

          <p>A race condition in the <a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=exec&sektion=3&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">exec</span>(3)</span></a> system call,
          which could result in local users obtaining increased
          privileges, has been fixed. (See security advisory <a
          href=
          "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:08.exec.asc"
           target="_top">FreeBSD-SA-02:08</a>.)</p>
        </div>

        <div class="SECT2">
          <hr>

          <h2 class="SECT2"><a name="USERLAND">2.3 Userland
          Changes</a></h2>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=arp&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">arp</span>(8)</span></a> now prints the
          applicable interface name for each ARP entry.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=cat&sektion=1&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">cat</span>(1)</span></a> now has the
          ability to read from UNIX-domain sockets.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=edquota&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">edquota</span>(8)</span></a> now takes a
          <tt class="OPTION">-f</tt> option to allow limiting the
          prototype quota distribution (specified with <tt class=
          "OPTION">-p</tt>) to a single filesystem.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=find&sektion=1&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">find</span>(1)</span></a> can now take
          various units of time to be applied to the <tt class=
          "OPTION">-[acm]time</tt> primaries.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=fmt&sektion=1&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">fmt</span>(1)</span></a> has been
          rewritten; the rewrite fixes a number of bugs compared to
          its prior behavior.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=ftpd&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">ftpd</span>(8)</span></a> now supports
          <tt class="OPTION">-o</tt> and <tt class="OPTION">-O</tt>
          options to disable the <tt class="LITERAL">RETR</tt>
          command; the former for everybody, and the latter only
          for guest users. Coupled with <tt class="OPTION">-A</tt>
          and appropriate file permissions, these can be used to
          create a relatively safe anonymous FTP drop box for
          others to upload to.</p>

          <p>The <a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=groups&sektion=1&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">groups</span>(1)</span></a> and <a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=whoami&sektion=1&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">whoami</span>(1)</span></a> shell scripts
          are now unnecessary; their functionality has been
          completely folded into <a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=id&sektion=1&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">id</span>(1)</span></a>.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">ipfw</span>(8)</span></a> will now avoid
          the display of dynamic firewall rules unless the <tt
          class="OPTION">-d</tt> flag is passed to it. The <tt
          class="OPTION">-e</tt> option lists expired dynamic
          rules.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">ipfw</span>(8)</span></a> has a new <tt
          class="LITERAL">limit</tt> type of firewall rule, which
          limits the number of sessions between address pairs.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=keyinfo&sektion=1&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">keyinfo</span>(1)</span></a> is now a C
          program, rather than a Perl script.</p>

          <p><tt class="FILENAME">libfetch</tt> has been
          synchronized to the version in FreeBSD -CURRENT; among
          other features, it now has support for an authentication
          callback.</p>

          <p><tt class="FILENAME">libstand</tt> now has support for
          filesystems containing <b class=
          "APPLICATION">bzip2</b>-compressed files.</p>

          <p>Locale names have been renamed to improve
          compatibility with the names used by X11R6, as well as a
          number of other UNIX versions. As an example, the <tt
          class="LITERAL">en_US.ISO_8859-1</tt> locale name has
          been changed to <tt class="LITERAL">en_US.ISO8859-1</tt>.
          Entries in <tt class="FILENAME">/etc/locale.alias</tt>,
          <tt class="FILENAME">/etc/man.alias</tt>, and <tt class=
          "FILENAME">/etc/nls.alias</tt> provide backward
          compatibility. The table below summarizes the locale
          changes:</p>

          <div class="INFORMALTABLE">
            <a name="AEN402"></a>

            <table border="1" class="CALSTABLE">
              <thead>
                <tr>
                  <th width="50%" align="LEFT" valign="TOP">FreeBSD
                  4.4-RELEASE</th>

                  <th width="50%" align="LEFT" valign="TOP">FreeBSD
                  4.5-RELEASE</th>
                </tr>
              </thead>

              <tbody>
                <tr>
                  <td width="50%" align="LEFT" valign="TOP"><tt
                  class="LITERAL">ISO_</tt><tt class=
                  "REPLACEABLE"><i>*</i></tt></td>

                  <td width="50%" align="LEFT" valign="TOP"><tt
                  class="LITERAL">ISO</tt><tt class=
                  "REPLACEABLE"><i>*</i></tt></td>
                </tr>

                <tr>
                  <td width="50%" align="LEFT" valign="TOP"><tt
                  class="LITERAL">ru_SU</tt><tt class=
                  "REPLACEABLE"><i>*</i></tt></td>

                  <td width="50%" align="LEFT" valign="TOP"><tt
                  class="LITERAL">ru_RU</tt><tt class=
                  "REPLACEABLE"><i>*</i></tt></td>
                </tr>

                <tr>
                  <td width="50%" align="LEFT" valign="TOP"><tt
                  class="LITERAL">DIS_</tt><tt class=
                  "REPLACEABLE"><i>*</i></tt></td>

                  <td width="50%" align="LEFT" valign="TOP"><tt
                  class="LITERAL">ISO</tt><tt class=
                  "REPLACEABLE"><i>*</i></tt><tt class=
                  "LITERAL">-15</tt></td>
                </tr>

                <tr>
                  <td width="50%" align="LEFT" valign="TOP"><tt
                  class="REPLACEABLE"><i>*</i></tt><tt class=
                  "LITERAL">.ASCII</tt></td>

                  <td width="50%" align="LEFT" valign="TOP"><tt
                  class="REPLACEABLE"><i>*</i></tt><tt class=
                  "LITERAL">.US-ASCII</tt></td>
                </tr>
              </tbody>
            </table>
          </div>
          <br>
          <br>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=lpd&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">lpd</span>(8)</span></a> now has some
          support for <tt class="LITERAL">o</tt>-type print-file
          actions in its control files, which allows printing of
          PostScript files generated by <b class=
          "APPLICATION">MacOS</b> 10.1.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=natd&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">natd</span>(8)</span></a> now supports a
          <tt class="OPTION">-log_ipfw_denied</tt> option to log
          packets that cannot be re-injected because they are
          blocked by <a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=ipfw&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">ipfw</span>(8)</span></a> rules.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=netstat&sektion=1&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">netstat</span>(1)</span></a> now has a
          <tt class="OPTION">-z</tt> flag to reset statistics.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=netstat&sektion=1&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">netstat</span>(1)</span></a> now has a
          <tt class="OPTION">-S</tt> flag to print addresses
          numerically but port names symbolically.</p>

          <p>The default number of cylinders per group in <a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=newfs&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">newfs</span>(8)</span></a> is now
          computed to be the maximum allowable given the current
          filesystem parameters. It can be overridden with the <tt
          class="OPTION">-c</tt> option. Formerly, the default was
          fixed at 16. This change leads to better <a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=fsck&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">fsck</span>(8)</span></a> performance and
          reduced fragmentation.</p>

          <p><a name="NEWFS-BLOCK-FRAG-SIZES"></a>The default block
          and fragment sizes for new filesystems created by <a
          href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=newfs&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">newfs</span>(8)</span></a> are now 16384
          and 2048 bytes, respectively (the old defaults were 8192
          and 1024 bytes). This change generally provides increased
          performance, at the expense of some wasted disk
          space.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=newsyslog&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">newsyslog</span>(8)</span></a> now has
          the ability to compress log files using <a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=bzip2&sektion=1&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">bzip2</span>(1)</span></a>.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=nl&sektion=1&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">nl</span>(1)</span></a>, a line numbering
          filter program, has been added.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=pciconf&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">pciconf</span>(8)</span></a> now supports
          a <tt class="OPTION">-v</tt> option to display the
          vendor/device information of configured devices, in
          conjunction with the <tt class="OPTION">-l</tt> option.
          The default vendor/device database can be found at <tt
          class="FILENAME">/usr/share/misc/pci_vendors</tt>.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=ping&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">ping</span>(8)</span></a> now supports a
          <tt class="OPTION">-A</tt> option to beep when packets
          are lost.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=route&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">route</span>(8)</span></a> is now more
          verbose when changing indirect routes, in the case of a
          gateway route that is the same route as the one being
          modified.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=route&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">route</span>(8)</span></a> now uses <tt
          class="LITERAL"><tt class=
          "REPLACEABLE"><i>host</i></tt>/<tt class=
          "REPLACEABLE"><i>bits</i></tt></tt> syntax instead of <tt
          class="LITERAL"><tt class=
          "REPLACEABLE"><i>net</i></tt>/<tt class=
          "REPLACEABLE"><i>bits</i></tt></tt> syntax, for
          compatibility with <a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=netstat&sektion=1&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">netstat</span>(1)</span></a>.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=route&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">route</span>(8)</span></a> can now create
          ``proxy only'' published ARP entries.</p>

          <p>The <a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=route&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">route</span>(8)</span></a> <tt class=
          "OPTION">add</tt> command now supports the <tt class=
          "OPTION">-ifp</tt> and <tt class="OPTION">-ifa</tt>
          modifiers.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=send-pr&sektion=1&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">send-pr</span>(1)</span></a> now takes a
          <tt class="OPTION">-a</tt> option to include a file into
          the <tt class="LITERAL">Fix:</tt> section of a problem
          report.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=sh&sektion=1&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">sh</span>(1)</span></a> now implements
          <tt class="COMMAND">test</tt> as a built-in command for
          improved efficiency.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=sysctl&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">sysctl</span>(8)</span></a> now supports
          a <tt class="OPTION">-e</tt> option to separate variable
          names and values by <tt class="LITERAL">=</tt> rather
          than <tt class="LITERAL">:</tt>. This feature is useful
          for producing output that can be fed back to <a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=sysctl&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">sysctl</span>(8)</span></a>.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=sysinstall&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">sysinstall</span>(8)</span></a> now has
          the ability to load KLDs as a part of the
          installation.</p>

          <p>When run from the installation media, <a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=sysinstall&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">sysinstall</span>(8)</span></a> will
          automatically load any device drivers found in the <tt
          class="FILENAME">/stand/modules</tt> directory of the <tt
          class="LITERAL">mfsroot</tt> floppy or filesystem image.
          Note that any drivers so loaded will not appear in the
          kernel's boot messages; the <a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=sysinstall&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">sysinstall</span>(8)</span></a> debugging
          screen will provide additional information.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=sysinstall&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">sysinstall</span>(8)</span></a> now
          enables Soft Updates by default on all filesystems it
          creates, except for the root filesystem.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=sysinstall&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">sysinstall</span>(8)</span></a> has
          received updates for its ``auto'' partitioning mode which
          provide more reasonable defaults for the sizes of
          partitions that are created; auto-sized partitions can
          now also recover the space that becomes available when
          other partitions are deleted.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=syslogd&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">syslogd</span>(8)</span></a> now has the
          ability to bind to a specific address (as opposed to
          using every available one) via the <tt class=
          "OPTION">-b</tt> option.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=syslogd&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">syslogd</span>(8)</span></a> now accepts
          a <tt class="OPTION">-c</tt> flag to disable repeated
          line compression.</p>

          <p>Previously, <a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=vnconfig&sektion=8&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">vnconfig</span>(8)</span></a> was only
          capable of configuring 16 devices when invoked with the
          <tt class="OPTION">-f</tt> (configuration file) option.
          This limit has been removed.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=wall&sektion=1&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">wall</span>(1)</span></a> now supports a
          <tt class="OPTION">-g</tt> flag to write a message to all
          users of a given group.</p>

          <p><a href=
          "http://www.FreeBSD.org/cgi/man.cgi?query=whois&sektion=1&manpath=FreeBSD+4.5-RELEASE">
          <span class="CITEREFENTRY"><span class=
          "REFENTRYTITLE">whois</span>(1)</span></a> supports a <tt
          class="OPTION">-c</tt> option to specify a country code
          to help direct queries towards a particular whois
          server.</p>

          <div class="SECT3">
            <hr>

            <h3 class="SECT3"><a name="AEN597">2.3.1 Contributed
            Software</a></h3>

            <p>The version of <b class="APPLICATION">IPFilter</b>
            provided with FreeBSD now includes the <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=ipfs&sektion=8&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">ipfs</span>(8)</span></a> program,
            which allows state information created for NAT entries
            and stateful rules to be saved to disk and restored
            after a reboot. Boot-time configuration of these
            features is supported by <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=rc.conf&sektion=5&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">rc.conf</span>(5)</span></a>.</p>

            <p>The <b class="APPLICATION">NTP</b> suite of programs
            has been updated to 4.1.0.</p>

            <p><b class="APPLICATION">OpenSSH</b> has been updated
            to version 2.9, which adds two new programs, <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=sftp&sektion=1&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">sftp</span>(1)</span></a> and <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=ssh-keyscan&sektion=1&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">ssh-keyscan</span>(1)</span></a>. Among
            the various enhancements: Rekeying of existing SSH
            sessions is now supported, <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=ssh-agent&sektion=1&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">ssh-agent</span>(1)</span></a> now
            supports authentication forwarding for DSA keys, and an
            experimental <b class="APPLICATION">SOCKS4</b> proxy
            has been added to <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=ssh&sektion=1&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">ssh</span>(1)</span></a>.</p>

            <div class="NOTE">
              <blockquote class="NOTE">
                <p><b>Note:</b> <tt class="LITERAL">Protocol
                1,2</tt> remains the default protocol setting in
                <tt class="FILENAME">/etc/ssh/ssh_config</tt>. In
                FreeBSD -CURRENT, the default is <tt class=
                "LITERAL">Protocol 2,1</tt>.</p>
              </blockquote>
            </div>
            <br>
            <br>

            <p>The <tt class="USERNAME">smmsp</tt> and <tt class=
            "USERNAME">mailnull</tt> users have been added to <tt
            class="FILENAME">/etc/master.passwd</tt>. In the
            absence of a <tt class="LITERAL">confDEF_USER_ID</tt>
            setting, by default, <b class=
            "APPLICATION">sendmail</b> will use the <tt class=
            "USERNAME">mailnull</tt> user for extra security.
            Previously, if the <tt class="USERNAME">mailnull</tt>
            user did not exist, the <tt class=
            "USERNAME">daemon</tt> user was used. This change may
            generate some permissions issues when mailing to files
            or to programs (such as <a href=
            "http://www.FreeBSD.org/cgi/url.cgi?ports/mail/majordomo/pkg-descr">
            <tt class="PORT">mail/majordomo</tt></a>). The previous
            behavior can be restored by adding the following line
            to a system's <tt class="FILENAME"><tt class=
            "REPLACEABLE"><i>*</i></tt>.mc</tt> configuration
            file:</p>
<pre class="PROGRAMLISTING">
    define(`confDEF_USER_ID', `daemon')
</pre>
            <br>
            <br>

            <p><b class="APPLICATION">tcsh</b> has been updated to
            version 6.11.</p>

            <p>The timezone database has been updated to the <tt
            class="FILENAME">tzdata2001d</tt> release.</p>

            <div class="SECT4">
              <hr>

              <h4 class="SECT4"><a name="AEN661">2.3.1.1
              CVS</a></h4>

              <p><b class="APPLICATION">CVS</b> has been updated to
              1.11.1p1.</p>

              <p><a href=
              "http://www.FreeBSD.org/cgi/man.cgi?query=cvs&sektion=1&manpath=FreeBSD+4.5-RELEASE">
              <span class="CITEREFENTRY"><span class=
              "REFENTRYTITLE">cvs</span>(1)</span></a> now supports
              a <tt class="OPTION">-T</tt> option to update a
              sandbox's <tt class="FILENAME">CVS/Template</tt> file
              from the repository.</p>

              <p><a href=
              "http://www.FreeBSD.org/cgi/man.cgi?query=cvs&sektion=1&manpath=FreeBSD+4.5-RELEASE">
              <span class="CITEREFENTRY"><span class=
              "REFENTRYTITLE">cvs</span>(1)</span></a> <tt class=
              "LITERAL">diff</tt> now supports the <tt class=
              "OPTION">-j</tt> option to perform differences
              against a revision relative to a branch tag.</p>
            </div>
          </div>

          <div class="SECT3">
            <hr>

            <h3 class="SECT3"><a name="AEN677">2.3.2 Ports/Packages
            Collection</a></h3>

            <p>Due to delays in the certification process, native
            <b class="APPLICATION">JDK</b> support for FreeBSD will
            be released shortly after 4.5-RELEASE. An announcement
            will be made on the FreeBSD Web site, as well as the
            FreeBSD announcements mailing list <tt class=
            "EMAIL">&#60;<a href=
            "mailto:freebsd-announce@FreeBSD.org">freebsd-announce@FreeBSD.org</a>&#62;</tt>,
            when the distribution is available.</p>

            <p><a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=pkg_create&sektion=1&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">pkg_create</span>(1)</span></a> now
            supports a <tt class="OPTION">-b</tt> option to create
            a package file from a locally-installed package.</p>

            <p><a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=pkg_delete&sektion=1&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">pkg_delete</span>(1)</span></a> now
            supports a <tt class="OPTION">-r</tt> option for
            recursive package removal.</p>

            <p>Version 4.2.0 of <b class="APPLICATION">XFree86</b>
            was released just a few days before the shipping date
            for FreeBSD 4.5-RELEASE. As a result, the FreeBSD team
            did not have time to test and evaluate the new version
            for inclusion in the release. Therefore, FreeBSD
            4.5-RELEASE includes the older 4.1.0 version of the <b
            class="APPLICATION">XFree86</b> package. Installing a
            newer version of <b class="APPLICATION">XFree86</b> can
            be done using an up-to-date (post-release) copy of the
            FreeBSD Ports Collection; instructions for doing so can
            be found in the <a href=
            "http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/ports-using.html"
             target="_top">Using the Ports Collection</a> section
            of the <a href="http://www.FreeBSD.org/handbook/"
            target="_top">FreeBSD Handbook</a>.</p>
          </div>
        </div>
      </div>

      <div class="SECT1">
        <hr>

        <h1 class="SECT1"><a name="AEN698">3 Upgrading from
        previous releases of FreeBSD</a></h1>

        <p>If you're upgrading from a previous release of FreeBSD,
        you generally will have three options:</p>

        <ul>
          <li>
            <p>Using the binary upgrade option of <a href=
            "http://www.FreeBSD.org/cgi/man.cgi?query=sysinstall&sektion=8&manpath=FreeBSD+4.5-RELEASE">
            <span class="CITEREFENTRY"><span class=
            "REFENTRYTITLE">sysinstall</span>(8)</span></a>. This
            option is perhaps the quickest, although it presumes
            that your installation of FreeBSD uses no special
            compilation options.</p>
          </li>

          <li>
            <p>Performing a complete reinstall of FreeBSD.
            Technically, this is not an upgrading method, and in
            any case is usually less convenient than a binary
            upgrade, in that it requires you to manually backup and
            restore the contents of <tt class="FILENAME">/etc</tt>.
            However, it may be useful in cases where you want (or
            need) to change the partitioning of your disks.</p>
          </li>

          <li>
            <p>From source code in <tt class=
            "FILENAME">/usr/src</tt>. This route is more flexible,
            but requires more disk space, time, and more technical
            expertise. Upgrading from very old versions of FreeBSD
            may be problematic; in cases like this, it is usually
            more effective to perform a binary upgrade or a
            complete reinstall.</p>
          </li>
        </ul>
        <br>
        <br>

        <p>Please read the <tt class="FILENAME">INSTALL.TXT</tt>
        file for more information, preferably <span class=
        "emphasis"><i class="EMPHASIS">before</i></span> beginning
        an upgrade. If you are upgrading from source, please be
        sure to read <tt class="FILENAME">/usr/src/UPDATING</tt> as
        well.</p>

        <p>Finally, if you want to use one of various means to
        track the -STABLE or -CURRENT branches of FreeBSD, please
        be sure to consult the <a href=
        "http://www.FreeBSD.org/handbook/current-stable.html"
        target="_top">``-CURRENT vs. -STABLE''</a> section of the
        <a href="http://www.FreeBSD.org/handbook/" target=
        "_top">FreeBSD Handbook</a>.</p>

        <div class="IMPORTANT">
          <blockquote class="IMPORTANT">
            <p><b>Important:</b> Upgrading FreeBSD should, of
            course, only be attempted after backing up <span class=
            "emphasis"><i class="EMPHASIS">all</i></span> data and
            configuration files.</p>
          </blockquote>
        </div>
      </div>
    </div>
    <hr>

    <p align="center"><small>This file, and other release-related
    documents, can be downloaded from <a href=
    "ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/">ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/</a>.</small></p>

    <p align="center"><small>For questions about FreeBSD, read the
    <a href="http://www.FreeBSD.org/docs.html">documentation</a>
    before contacting &#60;<a href=
    "mailto:questions@FreeBSD.org">questions@FreeBSD.org</a>&#62;.</small></p>

    <p align="center"><small>For questions about this
    documentation, e-mail &#60;<a href=
    "mailto:doc@FreeBSD.org">doc@FreeBSD.org</a>&#62;.</small></p>
    <br>
    <br>
++++


